Elektroda.pl

How to remove Safe Finder and DNS unlocker? FRST logs.

kozioleczek 30 Dec 2015 19:43 804 7
  • Helpful post
    #2 30 Dec 2015 20:02
    Acorus 20
    Computer specialist

    Uninstall BluetoothService, Browser Configuration Utility, McAfee Security Scan Plus, SafeFinder, WarThunder, Yontoo 1.10.02. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
    Post new FRST logs.

    0
  • Helpful post
    #4 30 Dec 2015 21:24
    krzychupar
    Level 40

    Scan the computer with this as well: https://www.malwarebytes.org/mwb-download/
    Open Notepad and paste:

    Task: {47856281-9B74-46BE-9426-611024B6648B} - System32\Tasks\{E9DD90C0-F947-4AFE-B999-776C12D37E69} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Osiedlowe życie\CSBin\PackageInstaller.exe" -d "C:\Program Files\EA GAMES\The Sims 2 Osiedlowe życie\CSBin"
    Task: {53600423-49D0-4E48-89D7-14B0B6E48C66} - System32\Tasks\{2DF83A81-7DA4-410F-94E3-806FAF430A7C} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {87B92035-8ED5-4656-945B-6F518300D7CF} - System32\Tasks\{7D07A714-FFD2-4417-B5E3-459C737AE076} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe"
    Task: {91F7B1CF-4E02-4F3A-B27C-C1D3853F312D} - System32\Tasks\{CBC71C74-3E4E-4492-A2FC-2D1DC91D8836} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Osiedlowe życie\Support\The Sims 2 Apartment Life_code.exe" -d "C:\Program Files\EA GAMES\The Sims 2 Osiedlowe życie\Support"
    Task: {A51BB468-F57E-44F3-B4F7-23942F8E14BA} - System32\Tasks\{7A2D94BB-DFEB-4FFB-8B54-ABB333F87840} => pcalua.exe -a C:\Users\Jula\Downloads\OOo_3.2.1_Win_x86_install-wJRE_pl.exe -d C:\Users\Jula\Downloads
    Task: {E5537C43-46D9-4D00-8FB8-36C52DD1E156} - System32\Tasks\{975DB777-2154-4434-9AA3-F835A94940C9} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Zwierzaki\EAUninstall.exe"
    Task: {EEAAF82B-F09E-4DF2-95A1-CE8232E1C282} - System32\Tasks\{82EC1733-D77F-4E21-A52E-FC8795A6D813} => pcalua.exe -a "C:\Program Files\EA GAMES\The Sims 2 Na studiach\eauninstall.exe" -d "C:\Program Files\EA GAMES\The Sims 2 Na studiach"
    Task: {FF4499A4-2058-4EA9-A807-6A89D389E037} - System32\Tasks\{B83B719C-3ED6-4961-B356-7847B5C472AE} => pcalua.exe -a C:\Users\Tata\Desktop\LCVA_PCDrv_US_1_11_02.exe -d C:\Users\Tata\Desktop
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: E - E:\Autorun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {002fc024-ecf5-11df-bdd7-806e6f6e6963} - E:\Autorun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {07e51c9b-55c2-11e2-b59c-6cf049dbe5c1} - F:\AutoRun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {303ba069-55f3-11e2-b5cf-6cf049dbe5c1} - F:\AutoRun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {303ba091-55f3-11e2-b5cf-6cf049dbe5c1} - F:\AutoRun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {3c3d95ce-2828-11e2-b66d-806e6f6e6963} - F:\AutoRun.exe
    HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\MountPoints2: {6d880225-e3b1-11e1-8250-806e6f6e6963} - F:\AutoRun.exe
    GroupPolicyUsers\S-1-5-21-3466629084-4145646484-2692946378-1004\User: Ograniczenia <======= UWAGA
    GroupPolicyUsers\S-1-5-21-3466629084-4145646484-2692946378-1001\User: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3466629084-4145646484-2692946378-1004 -> DefaultScope {CBF73A6E-A346-4baa-A24B-327CEFF16F4A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF HKU\S-1-5-21-3466629084-4145646484-2692946378-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nie znaleziono
    S3 MachineHelper; C:\ProgramData\MachineHelper\MachineHelper [X]
    S3 cpuz130; \??\C:\Users\Jula\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    2015-12-30 20:14 - 2015-12-30 20:24 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST and click Fix/Napraw.

    0
  • #5 31 Dec 2015 06:43
    kozioleczek
    Level 2

    Safe Finder has been removed successfully. Thanks from me and from my daughter. :D

    Added:

    On my own computer I have a problem with DNS unlocker, which the steps described above did not remove. I would be grateful if someone would kindly look into it.

    Moderated by swiercm:

    I have merged the posts. When updating information, please use the "Zmień" (Edit) option.

    0
  • Helpful post
    #6 31 Dec 2015 08:47
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    CustomCLSID: HKU\S-1-5-21-842925246-436374069-1606980848-1003_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\DOCUME~1\User\MOJEDO~1\POBIER~1\BESTPL~1.EXE => Brak pliku
    Task: C:\WINDOWS\Tasks\{442330BE-CFF2-5E5B-DBC2-4B0E810A0322}.job => powershell exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [] => [X]
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [RMFon] => [X]
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {1fedc5e0-0516-11df-b00e-00241d711578} - J:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {2a5587e0-20b6-11e0-b2fd-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {2a5587e4-20b6-11e0-b2fd-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {3067eac8-0f56-11df-b024-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {3c6d8f29-57b5-11e0-b394-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {4bd68f48-b399-11df-b1c8-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {5d4a856e-213e-11e0-b2ff-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {5eaa4726-805b-11e3-bd2b-e6bfc6164a25} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {6596f23c-5b06-11e0-b39a-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {96237008-f01a-11df-b26d-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {a0c7a5c0-9e4b-11e1-b798-00241d711578} - F:\Bolt.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {bf46dec5-0a92-11df-b019-00241d711578} - F:\start.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {c14b18cf-2b6d-11e0-b320-00241d711578} - L:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {e0a76810-2151-11e0-b301-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {e0a76812-2151-11e0-b301-00241d711578} - F:\AutoRun.exe
    Startup: C:\Documents and Settings\User\Menu Start\Programy\Autostart\NOWO 2015 kawy krzywe.cdr.lnk [2015-04-25]
    ShortcutTarget: NOWO 2015 kawy krzywe.cdr.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\{b09b5515-104f-2297-b09b-b55151045454}\NOWO 2015 kawy krzywe.cdr.exe (Brak pliku)
    BootExecute: autocheck autochk /r \??\M:autocheck autochk *
    S2 5764d77a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\RelayDefender\RelayDefender.dll",serv
    S2 62ce9eed; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\daneap~1\intele~1\IntelewinfilterSvc.dll",service
    S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 Quizzical Tip; "C:\Program Files\Quizzical Tip\Quizzical Tip.exe" [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    U0 mfewfpk; Brak ImagePath
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    U1 WS2IFSL; Brak ImagePath
    2015-12-30 20:50 - 2015-12-30 21:01 - 00000000 ____D C:\AdwCleaner
    2015-12-28 18:47 - 2015-12-28 18:47 - 00015942 _____ C:\WINDOWS\Tasks\{442330BE-CFF2-5E5B-DBC2-4B0E810A0322}.job
    EmptyTemp:

    0
  • Helpful post
    #7 31 Dec 2015 08:49
    krzychupar
    Level 40

    Open Notepad and paste:
    CustomCLSID: HKU\S-1-5-21-842925246-436374069-1606980848-1003_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\DOCUME~1\User\MOJEDO~1\POBIER~1\BESTPL~1.EXE => Brak pliku
    Task: C:\WINDOWS\Tasks\{442330BE-CFF2-5E5B-DBC2-4B0E810A0322}.job => powershell exe

    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [] => [X]
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [TomTomHOME.exe] => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [RMFon] => [X]
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {1fedc5e0-0516-11df-b00e-00241d711578} - J:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {2a5587e0-20b6-11e0-b2fd-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {2a5587e4-20b6-11e0-b2fd-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {3067eac8-0f56-11df-b024-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {3c6d8f29-57b5-11e0-b394-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {4bd68f48-b399-11df-b1c8-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {5d4a856e-213e-11e0-b2ff-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {5eaa4726-805b-11e3-bd2b-e6bfc6164a25} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {6596f23c-5b06-11e0-b39a-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {96237008-f01a-11df-b26d-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {a0c7a5c0-9e4b-11e1-b798-00241d711578} - F:\Bolt.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {bf46dec5-0a92-11df-b019-00241d711578} - F:\start.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {c14b18cf-2b6d-11e0-b320-00241d711578} - L:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {e0a76810-2151-11e0-b301-00241d711578} - F:\AutoRun.exe
    HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {e0a76812-2151-11e0-b301-00241d711578} - F:\AutoRun.exe
    ShortcutTarget: NOWO 2015 kawy krzywe.cdr.lnk -> C:\Documents and Settings\All Users\Dane aplikacji\{b09b5515-104f-2297-b09b-b55151045454}\NOWO 2015 kawy krzywe.cdr.exe (Brak pliku)
    BootExecute: autocheck autochk /r \??\M:autocheck autochk *
    S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 Quizzical Tip; "C:\Program Files\Quizzical Tip\Quizzical Tip.exe" [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S4 IntelIde; Brak ImagePath
    U0 mfewfpk; Brak ImagePath
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    U1 WS2IFSL; Brak ImagePath
    2015-12-30 20:50 - 2015-12-30 21:01 - 00000000 ____D C:\AdwCleaner
    C:\Windows\Tasks\{442330BE-CFF2-5E5B-DBC2-4B0E810A0322}.job
    EmptyTemp:


    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST and click Fix/Napraw.

    0
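
Added example, not part of the original posts and not FRST's own code: a short Python triage of fixlist lines like those posted above, which sorts entries by persistence type and separates leftovers whose target is already missing from entries that still start a payload through a launcher binary. The sample lines are copied from this thread; the category names, function names and marker lists are assumptions made for this example.

```python
import re

# Sample input: lines copied verbatim from the fixlists posted in this thread.
SAMPLE = r'''Task: C:\WINDOWS\Tasks\{442330BE-CFF2-5E5B-DBC2-4B0E810A0322}.job => powershell exe
S2 5764d77a; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\RelayDefender\RelayDefender.dll",serv
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\Run: [RMFon] => [X]
HKU\S-1-5-21-842925246-436374069-1606980848-1003\...\MountPoints2: {1fedc5e0-0516-11df-b00e-00241d711578} - J:\AutoRun.exe
EmptyTemp:'''

# Service/driver lines look like "S2 name; command" (the name may contain spaces).
SERVICE = re.compile(r'^[RSU]\d [^;]+; ')
# Assumption: these markers, as seen in this thread, mean the target is not on disk.
MISSING = ("[X]", "Brak pliku", "nie znaleziono", "Brak ImagePath")
# Windows binaries that start another payload on the entry's behalf.
LAUNCHERS = ("powershell", "rundll32.exe", "pcalua.exe")

def classify(line):
    """Return kind and flags for one fixlist line (names are this example's own)."""
    line = line.strip()
    if line.startswith("Task:"):
        kind = "scheduled_task"
    elif SERVICE.match(line):
        kind = "service_or_driver"
    elif "\\MountPoints2:" in line:
        kind = "autorun_mountpoint"
    elif "\\Run:" in line:
        kind = "run_key"
    elif line.endswith(":") and " " not in line:
        kind = "directive"
    else:
        kind = "other"
    flags = []
    if any(marker in line for marker in MISSING):
        flags.append("target_missing")
    if any(name in line.lower() for name in LAUNCHERS):
        flags.append("proxy_launcher")
    return {"kind": kind, "flags": flags, "line": line}

def triage(text):
    return [classify(l) for l in text.splitlines() if l.strip()]

def needs_review(entries):
    """Entries that still point at a payload and start it through a launcher."""
    return [e for e in entries
            if "proxy_launcher" in e["flags"] and "target_missing" not in e["flags"]]

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(f'{entry["kind"]:20} {",".join(entry["flags"]) or "-":30} {entry["line"][:60]}')
```
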
  • #8 31 Dec 2015 20:35
    kozioleczek
    Level 2

    Many thanks for the help!

    0